chore: update gh actions to use docker scout

mornedhels · Nov 8, 2024 · b6d1937 · b6d1937
1 parent a3dcbec
commit b6d1937
Show file tree

Hide file tree

Showing 4 changed files with 33 additions and 19 deletions.
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -22,28 +22,32 @@ jobs:
       image-name: enshrouded-server
       image-tag: dev-proton
       dockerfile: dockerfiles/proton.Dockerfile
-      trivy-scan: false
+      scan-category: proton
     secrets:
       CONTAINER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
   build-wine-stable:
     uses: mornedhels/workflow-center-public/.github/workflows/docker-build.yml@main
     with:
       image-name: enshrouded-server
       image-tag: dev-wine
       dockerfile: dockerfiles/Dockerfile
+      scan-category: wine-stable
     secrets:
       CONTAINER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
   build-wine-staging:
     uses: mornedhels/workflow-center-public/.github/workflows/docker-build.yml@main
     with:
       image-name: enshrouded-server
       image-tag: dev-wine-staging
       dockerfile: dockerfiles/Dockerfile
+      scan-category: wine-staging
       build-args: |
         WINE_BRANCH=staging
-      trivy-scan: false
     secrets:
       CONTAINER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
   update-readme:
     if: github.event_name != 'pull_request'
     runs-on: ubuntu-latest

diff --git a/.github/workflows/docker-scout-scan.yml b/.github/workflows/docker-scout-scan.yml
@@ -0,0 +1,23 @@
+name: Docker Scout Scan
+
+on:
+  schedule:
+    - cron: '0 0 * * 5'
+  workflow_dispatch:
+
+jobs:
+  docker-scout-scan-latest:
+    uses: mornedhels/workflow-center-public/.github/workflows/docker-scout.yml@main
+    with:
+      image-name: enshrouded-server
+      scan-category: proton-latest
+    secrets:
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
+  docker-scout-scan-dev:
+    uses: mornedhels/workflow-center-public/.github/workflows/docker-scout.yml@main
+    with:
+      image-name: enshrouded-server
+      image-tag: dev
+      scan-category: proton-dev
+    secrets:
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -12,23 +12,27 @@ jobs:
     with:
       image-name: enshrouded-server
       dockerfile: dockerfiles/proton.Dockerfile
+      scan-category: proton-latest
       image-tag: |
         ${{ github.event.release.tag_name }}
         ${{ github.event.release.tag_name }}-proton
         stable-proton
         latest
     secrets:
       CONTAINER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
   docker-build-wine:
     uses: mornedhels/workflow-center-public/.github/workflows/docker-build.yml@main
     with:
       image-name: enshrouded-server
       dockerfile: dockerfiles/Dockerfile
+      scan-category: wine-stable-latest
       image-tag: |
         ${{ github.event.release.tag_name }}-wine
         stable-wine
     secrets:
       CONTAINER_REGISTRY_PASSWORD: ${{ secrets.DOCKER_TOKEN }}
+      DOCKERHUB_TOKEN: ${{ secrets.DOCKER_TOKEN }}
   update-readme:
     runs-on: ubuntu-latest
     needs: [docker-build-proton,docker-build-wine]

diff --git a/.github/workflows/trivy-scan.yml b/.github/workflows/trivy-scan.yml